Last Updated on August 24, 2023
Interview between Karsten Schmidt & Martijn van den Corput
With the surge of omnichannel customer engagements for Life Sciences companies, consent management is of paramount importance. Companies must deal with consent effective and ethically to properly cover the increasing regulatory scrutiny and privacy concerns. We have asked Martijn van den Corput, Chief Commercial Officer at OptInsight for an interview about specific challenges in this field and how they should be addressed in the best possible way.
Karsten: Thanks for taking the time for this interview, Martijn. To get started, what are basic considerations for Life Sciences companies when it comes to consent management with Healthcare Professionals (HCPs)?
Martijn: Thanks for having me. First of all, Life Sciences companies want to be able to start digital communication with HCPs. Therefore, they need to collect and process personal data of the HCP. Looking to the Global Data Protection Regulation (GDPR) in Europe, promotional communication from the Life Sciences company to the HCP should be based on one of the six legal grounds of the GDPR. For using personal data of HCPs, the only legal GDPR ground to rely on is consent (opt-in). Compared with the other five legal grounds, consent is the most challenging one, because it is bound by rules how it is collected, stored, and maintained on an individual level. This has an impact on processes, technology, and people, if you consider how to manage it within the organization. You can imagine that using personal data in an inappropriate way can cause compliance risks, lack of trust, and an ineffective use of data, which can lead to lost opportunities.
Karsten: What specific challenges do Life Sciences companies face regarding consent management?
Martijn: First, let’s set the scene. For me consent management is a journey that is driven by the HCP. That means, the HCP always can decide how to handle their personal data. From compliance perspective it is a requirement, from commercial perspective a no-brainer. Therefore, from a company perspective they should develop five main capabilities:
- shaping a consent management strategy
- having one truth of the consent status regarding storage of the data,
- being capable to collect personal data where the HCP resides,
- being capable to capture changes (e.g. opt-out, preferences) no matter what communication channels are being used, and
- demonstrate a clear way of how to maintain consent.
The main challenge for Life Sciences companies is to eliminate data scattering throughout the organisation. Personal data often resides in different sources, applications etc., which causes integrity issues: elements not updated, incomplete, incorrect, or lacking justification for being used.
In practice, we see a high degree of manual work trying to solve this issue, confusion about what data can be used or not, and lack of alignment between departments having to rely on the same data quality.
To give you an example, in a first analysis conducted for one of our clients, we found more than 5.700 personal data records throughout applications with a consent status (opt-in or opt-out) unknown before. This is both a risk, and a lost opportunity. By clearing this, sending a communication to doctors who opted out was prevented. At the same time, it opened the opportunity to communicate again with HCPs who were classified incorrectly as opt-outs. A single source of truth of data regarding consent is of vital importance.
Karsten: How can technology help to reduce the complexity of consent management whilst guaranteeing to be 100% GDPR compliant?
Martijn: Technology should create and maintain a single source of truth of consent status across the whole journey as described earlier. It should have the capability to connect easily with other online channels to collect the data. It should also be able to synchronize the data real-time with internal applications which are used by the organisation for action and analysis purposes.
As consent storage must be specific, it should be able to differentiate between purposes and related processes to meet that requirement. It is not allowed to collect consent for generic purposes. Medical communication differs from e.g., promotional communication, so an opt-in or opt-out should be captured regarding processing activities.
An extensive audit-trail on individual level is in place to prove in real time how data is being used and under which consent status.
Important is not trying to fix this quickly in other applications e.g., Customer Relationship Management systems or Marketing Automation tools. These applications should rather be considered channels to collect consent. They have another purpose than being the single source of truth for managing consent comprehensively.
Karsten: What peculiarities must be considered when a consent management solution is deployed in multiple countries?
Martijn: A solution should have a tenant structure. Firstly, a tenant structure allows you to apply local business and data protection rules with ease and compliance. Each tenant represents a distinct customer (e.g. country), ensuring that you can tailor the solution to adhere to specific regional regulations and requirements. For example, a double opt-in is required for Germany but not for the Netherlands. A general rule under GDPR is that only employees that need personal data for their activities should have access to them. From that perspective it could be difficult to argue that the commercial employee in one country should have access to the personal data of another business unit in another country. In addition to that, some countries are quite protective with respect to personal data companies are processing. This could mean that in these countries it is not allowed to share access to personal data with employees from business units abroad.
By utilizing separate tenants, you can apply the necessary rules only to the respective countries, enhancing consent conversion rates and streamlining processes.
Moreover, certain countries within the EU have stricter requirements for processing activities related to consent, such as promotional communication, medical communication, and profiling. By adopting a multi-tenant architecture, you can apply these specific requirements on a per-country basis, avoiding the need to enforce them globally. This approach allows for greater granularity and avoids unnecessary complexities.
Karsten: What is the most efficient way to collect consent when different channels can be used (e.g field force, web portals, phone survey, webinars)?
Martijn: What we experience is that the phone channel results in high opt-in rates, sometimes up to 70% across countries. This has to do with the personal approach. Starting a personal dialogue with a doctor and/or assistant makes it possible to ask questions about their needs and wants. That makes it a powerful channel. It also counts for the sales rep channel, although we see lower rates. The main reason is that there is a need for more training to ask for consent during a call or meeting. For websites/portals we see ratios up to 60%, but that is highly dependent on how traffic is managed in these cases (e.g. marketing spend for advertising to attract HCPs to websites/portals).
Moreover, the silver bullet is that you must put the channels in place where the HCP resides. It is not a question of deploying one channel, it is about omni-channel engagement (on and offline).
Karsten: When HCPs start to opt out, should Life Sciences companies be concerned about quality of their content or overall customer experience?
Martijn: This is always an interesting question. Basically, companies should try to prevent doctors from opting out. Let´s assume an email is sent with an attachment included. If right from the beginning, the opening rates and click through rates are very low, then corrective action should be triggered. Otherwise, HCPs might start opting out.
Ultimately, an opt-out is not the end of the world and opt-ins are not needed from all doctors. It is about the specific target group. Who are the most important HCPs in adopting the treatment or medicines in question? Who are the real influencers and advocates? If they are lost, then there is a reason to be worried. The first step is always to figure out what the reason is for opting out. Again, starting a dialogue is always helpful. We experienced for some clients, that they turned 40% of the opted-out population into an opt-in again, just by listening to them.
And to add on that from a data protection perspective: The more personal data you have the more personal data must be protected. Therefore, you should get rid of irrelevant personal data applying the data minimisation principle.
Karsten: In general, how often does consent given by HCPs need to be reviewed and refreshed?
Karsten: What future developments or enhancements do you expect for consent management solutions soon to meet the evolving needs of Life Sciences companies?
Martijn: HCPs are also humans. They are always busy with helping their patients as best as they can. That is their mission. They are approached by many companies that want their attention. That is very time consuming and sometimes disturbing.
I foresee a trend of HCPs entering a central platform where they decide which company to give their personal data with consent. The HCP will be fully in the driver seat about the frequency, content and needs related to how they can better serve their patients.
Karsten: Thank you, Martijn, for sharing your valuable insights on consent management in the Life Sciences industry. Your expertise has shed light on the importance of ethical and effective consent practices for companies facing increasing regulatory scrutiny and privacy concerns in today’s digital landscape.
In summary, we can say that Consent is indeed of vital importance as companies engage with Healthcare Professionals (HCPs) across multiple channels. Challenges include complying with GDPR rules and eliminating data scattering. Technology can simplify consent management and ensure compliance. A multi-tenant structure is essential for deploying solutions in various countries. The key to successful consent collection lies in personal dialogue with HCPs to understand their preferences. Also, Opt-outs can be addressed via customer dialogue as well as content quality improvement. Consent should be periodically reviewed and refreshed. The future may see HCPs having more control over their personal data through a central platform.